Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

10

Proc.Eelet...th.msi

windows7_x64

8

Proc.Eelet...th.msi

windows10_x64

8

Analysis

  • max time kernel
    119s
  • max time network
    134s
  • platform
    windows10_x64
  • resource
    win10-en-20211104
  • submitted
    23/11/2021, 15:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Proc.Eeletronicoyilg1707 03r9th.msi

  • Size

    4.0MB

  • MD5

    c937a24384d2a4117ba1edaf5bae2f63

  • SHA1

    e413d38000e5e0a7b3998e20fb1623fe149ba5e3

  • SHA256

    1d7cec07e9cffe08e3b79cc38e0f0e59720934a456657dcc994256b88e43dab0

  • SHA512

    5e2390e8c7c4a0b2a5e57eb3832a6265e145dee0079c82d210604ff1f045cf98e2f7c6124fd26736a3fe4a39291cb004adcba2da9b8c35306401a622f1d90150

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Enumerates connected drives 3 TTPs 48 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 40 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\Proc.Eeletronicoyilg1707 03r9th.msi"
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2564
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2320
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 789DD4BD1A7883D490A734AA6407B6E8
      2⤵
      • Blocklisted process makes network request
      • Loads dropped DLL
      PID:2380

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2320-121-0x0000025DBE760000-0x0000025DBE762000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2320-120-0x0000025DBE760000-0x0000025DBE762000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2380-124-0x0000000000B10000-0x0000000000B11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2380-123-0x0000000000B10000-0x0000000000B11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2564-118-0x000001BD727A0000-0x000001BD727A2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2564-119-0x000001BD727A0000-0x000001BD727A2000-memory.dmp

    Filesize

    8KB

    Download